Package jenkins.security

Class NonSerializableSecurityContext

java.lang.Object
jenkins.security.NonSerializableSecurityContext
All Implemented Interfaces:
Serializable, org.springframework.security.core.context.SecurityContext
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public class NonSerializableSecurityContext extends Object implements org.springframework.security.core.context.SecurityContext
The same as SecurityContextImpl but doesn't serialize Authentication.

Authentication often contains UserDetails implemented by a plugin, but when it's persisted as a part of HttpSession, such instance will never de-serialize correctly because the container isn't aware of additional classloading in Jenkins.

Jenkins doesn't work with a clustering anyway, and so it's better to just not persist Authentication at all. See the problem report.

Since:
1.509
Author:
Kohsuke Kawaguchi
See Also:

  • Constructor Details

    • NonSerializableSecurityContext

      public NonSerializableSecurityContext()

    • NonSerializableSecurityContext

      public NonSerializableSecurityContext(org.springframework.security.core.Authentication authentication)

  • Method Details

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object

    • getAuthentication

      public org.springframework.security.core.Authentication getAuthentication()
      Specified by:
      getAuthentication in interface org.springframework.security.core.context.SecurityContext

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • setAuthentication

      public void setAuthentication(org.springframework.security.core.Authentication authentication)
      Specified by:
      setAuthentication in interface org.springframework.security.core.context.SecurityContext

    • toString

      public String toString()
      Overrides:
      toString in class Object